Cookie text is the message on a website to inform users about cookies and for what purpose they are used. Various data protection laws require websites to provide their users with this information to obtain voluntary consent for using cookies. This notification or message appears on a website’s consent banner.
Here is an example of a cookie text:
The cookie text’s content may extend beyond just the first layer of message on the banner to the second layer, where you can see the explanation of different types of cookies used and settings to give consent to them.
The GDPR does not explicitly mention cookies in its official document. However, the scope of personal data identifiers in the regulation includes cookies. Any information that directly or indirectly links to a person is referred to as personal data in the GDPR. In those terms, cookies collect and use user data that can be used to identify the users. Therefore, cookie identifiers are considered personal data under GDPR, and using cookies is subject to the law. This only applies to cookies that collect and use personally identifiable information and share them with third parties. Therefore, cookies that are strictly necessary for a website to function are exempted from GDPR cookie consent.
- Inform users about using cookies and their purpose when they visit the website.
- Allow them to accept and reject cookies before storing them on their device.
- Keep cookies (except strictly necessary cookies) blocked until the user gives consent.
- Let users select what cookies they want the website to store on their device.
- Allow users to withdraw cookie consent if necessary.
- Keep a log of all the user consent.
- Renew cookie consent every 6 months (depends on the local data protection authority guidelines).
Cookie text is all about informing the users about these details. Well, at least some of them.
The GDPR emphasizes using clear and easy-to-understand language for such information. The users must be able to make an informed decision after reading the text. Therefore, it is wise to avoid legal or technical jargon in the cookie text.
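The consent requirements listed above (block non-necessary cookies until consent, per-category choice, withdrawal, a consent log, renewal after about 6 months) can be enforced in code as a gate in front of every cookie write. The sketch below is an added example, not code from the original page or from any consent product; the category names, function names, the in-memory cookie store and the 182-day renewal window are assumptions.

```javascript
// Added example: category names, function names and the renewal constant
// are assumptions for illustration, not taken from any consent product.
const CATEGORIES = ["necessary", "functional", "analytics", "advertisement"];
const RENEW_AFTER_MS = 182 * 24 * 60 * 60 * 1000; // about 6 months (assumed)

function createConsentManager(now = () => Date.now()) {
  let record = null;      // null until the user makes a choice
  const log = [];         // append-only consent log
  const jar = new Map();  // stands in for the browser cookie store

  const expired = () => record !== null && now() - record.givenAt >= RENEW_AFTER_MS;

  function isAllowed(category) {
    if (category === "necessary") return true; // exempt from consent
    return record !== null && !expired() && record.granted[category] === true;
  }

  function save(choices, action) {
    const granted = {};
    for (const c of CATEGORIES) granted[c] = c === "necessary" || choices[c] === true;
    record = { granted, givenAt: now() };
    log.push({ action, granted: { ...granted }, at: record.givenAt });
    // Remove cookies whose category is no longer consented to.
    for (const [name, c] of jar) if (!granted[c.category]) jar.delete(name);
  }

  function setCookie(name, value, category) {
    if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
    if (!isAllowed(category)) return false; // blocked until consent
    jar.set(name, { value, category });
    return true;
  }

  return {
    accept: (choices) => save(choices, "consent"),
    withdraw: () => save({}, "withdraw"),
    needsBanner: () => record === null || expired(),
    isAllowed, setCookie,
    cookieNames: () => [...jar.keys()],
    consentLog: () => log.slice(),
  };
}
```

In a real page the `jar` would be replaced by writes to `document.cookie`, and third-party scripts would be loaded only after `isAllowed` returns true for their category.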
Here is an example of a GDPR-compliant cookie text on a consent banner:
Clicking on Customize will open the cookie preference settings, where users can choose which cookie categories they want to consent to. Here, the cookie text conveys why these cookies are used:
CCPA’s rules for regulating personal data resemble GDPR in many ways. However, one of the most striking differences is that US law does not require businesses to obtain consent before collecting personal data. But if the users are not okay with the data collection, they must be able to opt out of it. Therefore, the CCPA requires businesses to adopt just the opt-out model rather than the opt-in and opt-out like GDPR.
For CCPA compliance, best practices for cookie notification are:
- Inform users about cookies and their source and purpose.
- Allow users to opt out of cookies (DNSMPI link) that sell personal information.
- Link to privacy or cookie notice that explains what type of cookies the site uses, the source, the data collected, their purpose, and how users can control them.
Example of a CCPA-compliant cookie text on a consent notice:
Best practices for a legally compliant cookie text
As we’ve seen, the GDPR and CCPA have similar requirements for cookie text. It depends on which law applies to your website. If both laws apply, you can follow the common practices that will ensure that you are on the right side of the two laws. Not only that, these guidelines will even help if your website becomes subject to other major privacy laws in the world.
On the first appearance, the cookie banner/notice text must satisfy these requirements:
- Use simple and easy-to-understand language.
- Avoid technical and/or legal terms that would confuse a layperson.
- Make it clear that the users have the option to opt out of cookies or accept only certain categories of cookies.
- Do not assume that the users are okay with cookies without giving them the option to opt out.
- Mention it clearly in case you use only necessary cookies that do not require consent.
- Add conspicuous opt-in and opt-out options (users understand words like “accept all” and “reject all” more than other technical terms) and preferably of the same format level.
When they select cookie settings, the cookie text must explain:
- What each category of cookies means.
- Each category must have separate consent options, and this should be presented clearly.
- Button to save the cookie preferences.
Frequently asked questions
How do cookies track you?
Cookies are the little bits of code that websites use to track users. When a user visits a website, the web server sends back a cookie with an ID that is unique to them. The next time the user visits the same site, the browser will send the cookie back to that site so it can identify them.
Why do I keep getting cookie messages?
Laws like GDPR and CCPA require websites to inform their users about cookies and their purpose before using them. Cookie messages or texts carry this information: they let users know what cookies will be stored on their device if they accept them and that they have the option to reject them. Over the last few years, these laws have come down on many businesses that violated these rules. So, websites are now more serious about cookie messages.
Should you accept cookies?
Accepting cookies is a choice to be made based on the type of cookies. You can accept the cookies if they do not share your personal data with third parties or interfere with your privacy. But if these cookies are set by third parties and they will likely use your personal data to track you, you may want to rethink accepting them. It is better to block cookies if you have to share private or sensitive information like bank details or medical data or if the website is not encrypted.
What is the purpose of cookies?
Cookies are used to improve a website’s operation and services or perform additional services. The most common purposes are remembering login credentials, holding items in an online shopping cart, placing targeted advertisements, gathering analytics, and improving user experience. Therefore, the purpose of cookies varies depending on their type and source. Read more about cookies and how they work here.
Should I delete cookies?
Like accepting cookies, deleting cookies is a choice you need to make depending upon the type of cookies, website security, and the type of data shared.
It is ideal to delete cookies if:
- the cookies collect and track your information;
- the website is not secure; or
- you have shared private or sensitive information with the website.
You can find the option to delete or clear cookies in most web browser settings.
Learn how to manually check cookies in your web browser.
How to clear cookies in your web browser?
- Click the three dots in the top right corner
- Click More tools > Clear browsing data.
- Check the Cookies and other site data checkbox and click Clear data to clear all cookies.
- Or you can go to Privacy and security in settings and select Cookies and other site data > See all cookies and site data to selectively clear cookies.
- Click the three lines in the top right corner and click Settings.
- Select Privacy & Security and scroll down to Cookies and Site Data.
- Click Clear Data and press the Clear button (ensure that the Cookies and Site Data checkbox is ticked) to clear cookies.
- In the dialog box, click Clear Now to confirm.
- Select Preferences from the top left corner menu.
- Select the Privacy tab.
- Click the Remove All Website Data button.
- Click Remove Now in the popup window to clear cookies.